WhatsApp privacy is ‘broken,’ reveals proof-of-concept hack

WhatsApp’s privacy settings are “broken” and can be bypassed by downloading a simple bit of software, claims the Dutch developer behind proof-of-concept tool WhatsSpy Public.

Stalkers could track any WhatsApp user’s profile picture, privacy settings, status messages and online or offline status, reports Network World, even if their account is set up to hide this information.

The discovery was made by Maikel Zweerink, who created WhatsSpy Public to highlight the messaging service’s ineffective privacy options. The software allows anybody with a phone number not tied to WhatsApp to spy on users’ status and profile photo, despite the app’s FAQ stating they would be seen by ‘nobody’.

The WhatsSpy Dashboard can also display a timeline that shows when users have been online and how long they spent using the app.

“The privacy options in WhatsApp act like they give you full control over your status in WhatsApp,” wrote Zweerink in a blog post. “Meanwhile they only affect a very limited scope. Sure, the last seen, profile picture and status options do work, but probably not as the user intended it to. The ability for a complete stranger to follow your in-app status is pretty creepy and might have been abused already.”

He added, “This is not a ‘hack’ or ‘exploit’ but it’s broken by design.”

WhatsApp has recently pledged to get tough on security, as reported in November, introducing end-to-end encryption to help keep users’ private messages private. As noted by the International Business Times, the service was previously rated 5 out of 7 by The Electronic Frontier Foundation (EFF), which tracks how well messaging apps secure their users’ privacy.

This latest flaw in its privacy settings, however, raises fresh concerns over WhatsApp’s security policy. The app is currently rated 2 out of 7 by the EFF.

Author , ESET

  • David Kinlay

    I hope that WhatsApp are being proactive and getting a fix asap

Copyright © 2017 ESET, All Rights Reserved.